Lucene search
+L

164811 matches found

Cvelist
Cvelist
added 1 hour ago5 views

CVE-2026-8481 Remote Code Execution via Code Validation Endpoint

IBM Langflow OSS 1.0.0 through 1.10.0 contain a critical remote code execution vulnerability in the code validation API endpoint. The POST /api/v1/validate/code endpoint accepts user-supplied Python code and executes it directly using Python's built-in exec function without sandboxing, input...

9.9CVSS
Exploits0References1
Cvelist
Cvelist
added 1 hour ago6 views

CVE-2026-52746 JSONata: Malicious inputs to "$toMillis" function can cause resource exhaustion

JSONata is a JSON query and transformation language. Prior to 2.2.0, malicious non-matching inputs to the $toMillis function can cause superlinear backtracking in the ISO-8601 validation regex, leading to denial of service in applications that evaluate user-provided JSONata expressions. This issu...

7.5CVSS
Exploits0References6
CVE
CVE
added 1 hour ago15 views

CVE-2026-52746

JSONata is a JSON query and transformation language. Prior to 2.2.0, malicious non-matching inputs to the $toMillis function can cause superlinear backtracking in the ISO-8601 validation regex, leading to denial of service in applications that evaluate user-provided JSONata expressions. This issu...

7.5CVSS5.3AI score
Exploits0References6
EUVD
EUVD
added 1 hour ago4 views

EUVD-2026-45233

HCL DevOps Loop is affected by insufficient input validation that allows special characters where they should be restricted. This may result in unintended application behavior under certain conditions...

3.1CVSS5.2AI score
Exploits0References2
Cvelist
Cvelist
added 2 hours ago6 views

CVE-2026-9198 Unauthenticated Remote Code Execution via Auto-Login Bypass and Code Validation

IBM Langflow OSS 1.0.0 through 1.10.0 allows unauthenticated attackers to chain /api/v1/autologin mints SUPERUSER tokens to any network caller with /api/v1/validate/code executes user code via exec to achieve full RCE on default Langflow deployments...

9.8CVSS
Exploits0References1
CVE
CVE
added 2 hours ago21 views

CVE-2026-9198

IBM Langflow OSS versions 1.0.0–1.10.0 are affected by CVE-2026-9198: unauthenticated attackers chain /api/v1/auto_login (issues superuser tokens) with /api/v1/validate/code (exec() of user code) to achieve full RCE on default deployments. The root cause is the combination of an open auto-login e...

9.8CVSS5.4AI score
Exploits0References1
NVD
NVD
added 3 hours ago3 views

CVE-2026-21764

HCL DevOps Loop is affected by insufficient input validation that allows special characters where they should be restricted. This may result in unintended application behavior under certain conditions...

3.1CVSS
Exploits0References1
CVE
CVE
added 3 hours ago5 views

CVE-2026-21764

Technical details about CVE-2026-21764 are not publicly available in the provided documents. Monitor for updates from official sources; current entries only state insufficient input validation without specifics.

3.1CVSS5.2AI score
Exploits0References1
Cvelist
Cvelist
added 3 hours ago9 views

CVE-2026-21764 Insufficient Input Validation in DevOps Loop

HCL DevOps Loop is affected by insufficient input validation that allows special characters where they should be restricted. This may result in unintended application behavior under certain conditions...

3.1CVSS
Exploits0References1
NVD
NVD
added 6 hours ago5 views

CVE-2024-23577

HCL Aftermarket EPC is vulnerable since the application does not have a validation for HOST header and accepts arbitrary hosts when requested in http protocol. When an application doesn’t adequately validate or sanitize this header, it can lead to several security risks, including Host header...

4.3CVSS
Exploits0References1
Cvelist
Cvelist
added 6 hours ago8 views

CVE-2024-23577

HCL Aftermarket EPC is vulnerable since the application does not have a validation for HOST header and accepts arbitrary hosts when requested in http protocol. When an application doesn’t adequately validate or sanitize this header, it can lead to several security risks, including Host header...

4.3CVSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 6 hours ago3 views

CVE-2024-23577

HCL Aftermarket EPC is vulnerable since the application does not have a validation for HOST header and accepts arbitrary hosts when requested in http protocol. When an application doesn’t adequately validate or sanitize this header, it can lead to several security risks, including Host header...

4.3CVSS5.6AI score
Exploits0References2Affected Software1
EUVD
EUVD
added 6 hours ago4 views

EUVD-2024-55668

HCL Aftermarket EPC is vulnerable since the application does not have a validation for HOST header and accepts arbitrary hosts when requested in http protocol. When an application doesn’t adequately validate or sanitize this header, it can lead to several security risks, including Host header...

4.3CVSS5.6AI score
Exploits0References1
CVE
CVE
added 7 hours ago7 views

CVE-2024-23564

The CVE-2024-23564 entry concerns HCL Aftermarket EPC and describes a Business Logic Vulnerability where a non-valid user can obtain passwords from the server and have them redirected to their own email by manipulating the server response. The root cause, as stated, is that the system validates U...

9.1CVSS5.4AI score
Exploits0References1
EUVD
EUVD
added 7 hours ago4 views

EUVD-2024-55658

HCL Aftermarket EPC is affected by Business Logic Vulnerability using which a non valid user of the application can obtain passwords from the server and redirect them to their own email address by manipulating the server's response. The application includes checks in the initial requests to verif...

9.1CVSS5.3AI score
Exploits0References1
BDU FSTEC
BDU FSTEC
added 8 hours ago18 views

The vulnerability of the Directum Web Agent component of the Directum RX system, which arises due to insufficient validation of input data, allows a perpetrator to execute arbitrary code.

The vulnerability of the Directum Web Agent component of the Directum RX system exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code using a specially crafted file...

8.5CVSS6.1AI score
Exploits0Affected Software1
CVE
CVE
added 8 hours ago8 views

CVE-2026-15943

A vulnerability in Keycloak's keycloak-services component affects identity provider management. When a delegated administrator updates an OIDC identity provider using a masked client secret sentinel value, the system performs improper validation and reuses the existing real secret even if fields ...

5.5CVSS5.4AI score
Exploits0References2
NVD
NVD
added 9 hours ago8 views

CVE-2026-9602

Mattermost Desktop App versions =6.2 6.0.2 5.6.13.0 fail to validate payloads sent from the Mattermost Web App to the Desktop App which allows a malicious server owner to crash the Mattermost Desktop App via changing the payload of a method to a malformed one. Mattermost Advisory ID: MMSA-2026-00...

6.5CVSS
Exploits0References1
Cvelist
Cvelist
added 10 hours ago12 views

CVE-2026-59252 Missing gas_limit validation in mpp Tempo fee-payer enables wallet drain

Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to drain the fee-payer wallet, resulting in denial of service for legitimate clients. When the mpp Elixir library is configured as fee payer feepayer: true, the MPP.Methods.Tempo payment meth...

8.2CVSS
Exploits0References4
EUVD
EUVD
added 10 hours ago5 views

EUVD-2026-45160

Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to drain the fee-payer wallet, resulting in denial of service for legitimate clients. When the mpp Elixir library is configured as fee payer feepayer: true, the MPP.Methods.Tempo payment meth...

8.2CVSS5.8AI score
Exploits0References4
Rows per page
Query Builder